Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6103 matches found

EUVD
EUVDadded 2026/04/03 6:31 a.m.12 views

EUVD-2026-18593

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References8
OSV
OSVadded 2026/04/03 6:31 a.m.1 views

GHSA-W846-74JR-76CV Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References9
NVD
NVDadded 2026/04/03 5:16 a.m.3 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

8.2CVSS0.00329EPSS
Exploits0References7
UbuntuCve
UbuntuCveadded 2026/04/03 5:16 a.m.1 views

CVE-2026-35542

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References9
UbuntuCve
UbuntuCveadded 2026/04/03 5:16 a.m.2 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/04/03 4:2 a.m.5 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 4:2 a.m.1 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/04/03 12:0 a.m.1 views

PT-2026-29981

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References8
EUVD
EUVDadded 2026/04/02 6:31 p.m.2 views

EUVD-2026-18414

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

6.3CVSS5.2AI score0.00427EPSS
Exploits0References9
NVD
NVDadded 2026/03/31 10:16 p.m.5 views

CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS0.00469EPSS
Exploits1References3
RedHat Linux
RedHat Linuxadded 2026/03/31 7:50 p.m.1 views

GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...

8.8CVSS7.8AI score0.00566EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/03/30 12:0 a.m.0 views

PT-2026-29108

Name of the Vulnerable Software and Affected Versions NoMachine affected versions not specified Description This issue allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target syste...

7.8CVSS7.5AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/27 12:0 a.m.20 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

0.00537EPSS
Exploits0References1
CVE
CVEadded 2026/03/27 12:0 a.m.5 views

CVE-2025-69986

The CVE describes a buffer overflow in the ONVIF GetStreamUri function of LSC Indoor Camera v7.6.32. The application fails to validate the Protocol parameter length inside the Transport element; a crafted SOAP request with an oversized protocol string can overflow a stack buffer and overwrite the...

7.2CVSS6.2AI score0.00537EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 12:0 a.m.1 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

6.2AI score0.00537EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/27 12:0 a.m.3 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

6.2AI score0.00537EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/03/27 12:0 a.m.6 views

LSC Smart Connect Indoor IP Camera 安全漏洞

LSC Smart Connect Indoor IP Camera is a camera driver developed by LSC Smart Connect. Version 7.6.32 of the LSC Indoor Camera contains a security vulnerability. This vulnerability stems from the lack of verification of the length of the Protocol parameter within the Transport element. It may lead...

7.2CVSS6.2AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 11:55 p.m.1 views

CVE-2026-23396

A flaw was found in the Linux kernel's mac80211 component. An adjacent attacker can exploit this by sending a specially crafted Channel Switch Announcement CSA action frame. This frame, containing a valid Mesh ID Information Element IE but lacking a Mesh Configuration IE, can trigger a NULL point...

5.7AI score0.00114EPSS
Exploits0References4
NVD
NVDadded 2026/03/26 5:16 p.m.3 views

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

9.1CVSS0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:3 p.m.2 views

CVE-2026-25007

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.2...

8.5CVSS5.9AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder